This is a log of my installation/Compilation of Apache DSO
with SSL, MM, and Tomcat 3.1 (source distribution) under Linux RH 6.2
(with all updates through Apr 24 applied).
(i.e., for kernel 2.2.x).
You may want to read my FAQ on Tomcat 3.1 beta 1. since it will be
easier to follow this installation log. It is available at:
http://www.ccl.net/cca/software/UNIX/apache/tomcat3.1b1-faq.html
This stuff if based on INSTALL file which comes with mod_ssl
and on the
http://www.servlets.com/soapbox/techtips/
December 8, 1999
"Install instructions for Apache 1.3.9 with Tomcat 3.0"
by Jason Hunter.
If you are outside US, please look into INSTALL which comes
with mod_ssl, since you do not need RSAREF and can use more
robust code [your 8) and apache configure will be different].
1) I install all tarballs to into /usr/local/updates
2) Install Java 1.2 under linx RH 6.1
Note... Usually, you do not have Java installed. But with older
Linuces, there were various ports to Java (e.g., Kaffe). You have
to remove them from your system. If you are not sure if you have
java installed and in the path, just type
java
and see what happens. If it says: java: command not found
you are OK.
Java -- took jdk1.2 from one of the mirrors of www.blackdown.org
North America
1.ftp://iodynamics.com/pub/mirror/linux-jdk/
2.ftp://ftp.infomagic.com/pub/mirrors/linux/Java/
3.ftp://metalab.unc.edu/pub/linux/devel/lang/java/blackdown.org/
4.ftp://xfer.nitric.com/pub/java-linux
5.http://xfer.nitric.com/pub/java-linux
There is also JDK for linux available from Sun, in:
http://java.sun.com/products/jdk/1.2/download-linux.html
It is supposedly suitable for older Linux kernel. I do not know.
I used RH6.1 and blackdown 1.2.2_RC4.
I previously was taking Blackdown Release 4 from
ftp://iodynamics.com/pub/mirror/linux-jdk/JDK-1.2.2/i386/rc4/
What you need is a file:
jdk-1.2.2-RC4-linux-i386-glibc-2.1.2.sh
This time, I decided to try Sun port to linux which is available
from http://www.javasoft.com/
I placed the
21580986 jdk1_2_2-linux-i386.tar.gz
in /usr/local/updates
I unpacked it as:
tar zxvf jdk1_2_2-linux-i386.tar.gz
cd jdk1.2.2
I read README file,
and in web browser followed the instructions from:
http://java.sun.com/products/jdk/1.2/install-linux.html
then I decided to move the whole directory tree jdk1.2.2 to /usr/local
cd /usr/local
mv /usr/local/updates/jdk1.2.2 jdk1.2.2
It installed the JDK 1.2.2 in /usr/local/jdk1.2.2
4) Set your environment variables for Java (I am assuming you use
some Bourne shell lookalike -- ksh or bash.
JAVA_HOME=/usr/local/jdk1.2.2
export JAVA_HOME
PATH=/usr/local/bin:${JAVA_HOME}/bin:${PATH}
export PATH
CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar
export CLASSPATH
5) Make top directory for Tomcat installation. I did
/usr/local/apache_t3.1 but if you do some other, you
need to remember to use it in the instructions below,
mkdir /usr/local/apache_t3.1
6) I also make a subdirectory sources to have all needed sources
in one place.
mkdir /usr/local/apache_t3.1/sources
cd /usr/local/apache_t3.1/sources
place there tar files, and then unpack them as shown below:
a) wget http://www.apache.org/dist/apache_1.3.12.tar.gz
apache_1.3.12.tar.gz from http://www.apache.org/dist/
gtar zxvf apache_1.3.12.tar.gz
b) mod_ssl-2.6.3-1.3.12.tar.gz from http://www.modssl.org
wget http://www.modssl.org/source/mod_ssl-2.6.3-1.3.12.tar.gz
gtar zxvf mod_ssl-2.6.3-1.3.12.tar.gz
c) openssl-0.9.5a.tar.gz from http://www.openssl.org
wget http://www.openssl.org/source/openssl-0.9.5a.tar.gz
gtar zxvf openssl-0.9.5a.tar.gz
d) mm-1.0.12.tar.gz from http://www.engelschall.com/sw/mm/
wget http://www.engelschall.com/sw/mm/mm-1.0.12.tar.gz
gtar zxvf mm-1.0.12.tar.gz
e) rsaref20.tar.Z -- it is no longer distributed, and I got it
from my private museum. It is available from many places
on the Web outside US. Search the Web FOR RSAREF 2.0.
mkdir rsaref-2.0
cd rsaref-2.0
gtar Zxvf ../rsaref20.tar.Z
cd ..
f) tar.gz sources for tomcat 3.1 beta 1 from
cd /usr/local/apache_t3.1/sources
wget http://jakarta.apache.org/builds/tomcat/release/v3.1/src/jakarta-ant.tar.gz
wget http://jakarta.apache.org/builds/tomcat/release/v3.1/src/jakarta-taglibs.tar.gz
wget http://jakarta.apache.org/builds/tomcat/release/v3.1/src/jakarta-tomcat.tar.gz
wget http://jakarta.apache.org/builds/tomcat/release/v3.1/src/jakarta-tools.tar.gz
wget http://jakarta.apache.org/builds/tomcat/release/v3.1/src/jakarta-watchdog.zip
I untarred them as:
cd /usr/local/apache_t3.1/sources
gtar zxvf jakarta-ant.tar.gz
gtar zxvf jakarta-taglibs.tar.gz
gtar zxvf jakarta-tomcat.tar.gz
gtar zxvf jakarta-tools.tar.gz
unzip jakarta-watchdog.zip
7) Compiled RSAREF library for openssl since we are in US and RSA has
a patent, and we cannot use the decent implementation of crypto
libraries. If you are in Europe, you can skip this thing.
cd /usr/local/apache_t3.1/sources/rsaref-2.0
cp -rp install/unix local
cd local
edited makefile to have
CC = gcc
changed all occurrances of cc --> $(CC)
added -fPIC to CFLAGS
make
mv rsaref.a librsaref.a
8) Compiled the openssl [if you are in Europe, you need to
check the mod_ssl INSTALL not to include RSAREF]
cd /usr/local/apache_t3.1/sources/openssl-0.9.5a
sh config \
-L /usr/local/apache_t3.1/sources/rsaref-2.0/local/rsaref -fPIC
make
make test
9) Compiled MM shared memory library
cd /usr/local/apache_t3.1/sources/mm-1.0.12
./configure --disable-shared
make
cd ..
10) Configured mod_ssl
cd /usr/local/apache_t3.1/sources/mod_ssl-2.6.3-1.3.12
EAPI_MM=../mm-1.0.12 \
./configure \
--with-apache=/usr/local/apache_t3.1/sources/apache_1.3.12
11) Configure and make and install Apache with DSO support:
cd /usr/local/apache_t3.1/sources/apache_1.3.12
SSL_BASE=/usr/local/apache_t3.1/sources/openssl-0.9.5a \
RSA_BASE=/usr/local/apache_t3.1/sources/rsaref-2.0/local \
EAPI_MM=/usr/local/apache_t3.1/sources/mm-1.0.12 \
./configure --prefix=/usr/local/apache_t3.1 \
--enable-module=so \
--enable-rule=SHARED_CORE \
--enable-module=most \
--enable-shared=max \
--enable-module=ssl \
--enable-shared=ssl
make
make certificate TYPE=custom
make install
My entries for certificates with
make certificate TYPE=custom
were defaults, no passwords, and:
STEP 0: R
STEP 2:
1. Country Name [XY]:US
2. State or Province Name [Snake Desert]:Ohio
3. Locality Name [Snake Town]:Columbus
4. Organization Name [Snake Oil, Ltd]:OSC
5. Organizational Unit Name [Cer..Authority]:Gateway
6. Common Name [Snake Oil CA]:pse.ccl.net
7. Email Address [ca@snakeoil.dom]:jkl@ccl.net
8. Certificate Validity [365]:1000
STEP 3: 3
STEP 5:
1. Country Name [XY]:US
2. State or Province Name [Snake Desert]:Ohio
3. Locality Name [Snake Town]:Columbus
4. Organization Name [Snake Oil, Ltd]:OSC
5. Organizational Unit Name [Webserver Team]:PSE
6. Common Name [www.snakeoil.dom]:pse.ccl.net
7. Email Address [www@snakeoil.dom]:jkl@ccl.net
8. Certificate Validity [365]:1001
STEP 6: 3
STEP 7:n
STEP 8:n
12) edited a file in /usr/local/apache_t3.1/conf/httpd.conf and
added (actually uncommented):
ServerName pse.ccl.net
13) Testing if Apache works:
a) make sure other installation of apache is not running,
or if it runs, it does not use port 80 and port 443.
(do: ps auwx | grep httpd), and if httpd runs, kill it
with its own apachectl script or just use (not recommended)
killall httpd
b) start apache with:
/usr/local/apache_t3.1/bin/apachectl startssl
If you have warning, you have a problem, and try to
do "exactly what I say" next time {:-)}.
c) Use your browser (preferable on some other machine)
and check if http: and https: work
In my case, I tries URLs:
http://pse.ccl.net/
and
https://pse.ccl.net/
In the https case you should get a lot of windows
which ask you for accepting the certificate.
Just click Next to see if you can go through to the
page.
d) Stop apache, since you are not finshed yet.
/usr/local/apache_t3.1/bin/apachectl stop
14) Compiled mod_jserv.so included in jakarta-tomcat zip archive.
cd /usr/local/apache_t3.1/sources
cd jakarta-tomcat/src/native/apache/jserv
/usr/local/apache_t3.1/bin/apxs -c mod_jserv.c jserv*.c
cp mod_jserv.so /usr/local/apache_t3.1/libexec
15) Building and installing tomcat
cd /usr/local/apache_t3.1/sources/jakarta-ant
./bootstrap.sh
./build.sh
PATH=${PATH}:/usr/local/apache_t3.1/sources/jakarta-ant/bin
export PATH
ANT_HOME=/usr/local/apache_t3.1/sources/jakarta-ant
export ANT_HOME
cd /usr/local/apache_t3.1/sources/jakarta-tomcat
./build.sh
16) Starting stand alone tomcat and testing:
cd /usr/local/apache_t3.1/sources/build/tomcat/bin
edited startup.sh to be:
-------------------- cut start --------------
#!/bin/sh
# original comments which where there
JAVA_HOME=/usr/local/jdk1.2.2
export JAVA_HOME
PATH=/usr/local/bin:${JAVA_HOME}/bin:${PATH}
PATH=${PATH}:/usr/local/apache_t3.1/sources/build/tomcat/bin
export PATH
CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar
export CLASSPATH
BASEDIR=/usr/local/apache_t3.1/sources/build/tomcat/bin
export BASEDIR
$BASEDIR/tomcat.sh start "$@"
-------------------- cut end --------------
edited shutdown.sh to be:
-------------------- cut start --------------
#!/bin/sh
# original comments which where there
JAVA_HOME=/usr/local/jdk1.2.2
export JAVA_HOME
PATH=/usr/local/bin:${JAVA_HOME}/bin:${PATH}
PATH=${PATH}:/usr/local/apache_t3.1/sources/build/tomcat/bin
export PATH
CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar
export CLASSPATH
BASEDIR=/usr/local/apache_t3.1/sources/build/tomcat/bin
export BASEDIR
$BASEDIR/tomcat.sh stop "$@"
-------------------- cut end --------------
Then I did:
./startup.sh
In my browser I called:
http://pse.ccl.net:8080/
and it gave me the Tomcat examples page. Examples worked, so I shut down.
./shutdown.sh
17) Added tomcat.conf to httpd.conf by adding a line:
cd /usr/local/apache_t3.1/conf
edit httpd.conf
Add this line at the end:
Include /usr/local/apache_t3.1/sources/build/tomcat/conf/tomcat.conf
18) In /usr/local/apache_t3.1/bin
cp apachectl apache-tomcat
and edited apache-tomcat to have a script to start/stop tomcat/apache
a) At the beginning, just after "END CONFIGURATION SECTION" I added:
TOMCAT_HOME=/usr/local/apache_t3.1/sources/build/tomcat
export TOMCAT_HOME
JAVA_HOME=/usr/local/jdk1.2.2
export JAVA_HOME
PATH=$JAVA_HOME/bin:${PATH}
export PATH
b) under case startssl added 2 lines after: if $HTTPD -DSSL; then
cd $TOMCAT_HOME/bin
./startup.sh
c) under case stop added 2 lines after: if kill $PID ; then
cd $TOMCAT_HOME/bin
./shutdown.sh
d) changed apache-tomcat to executable :
chmod 755 /usr/local/apache_t3.1/bin/apache-tomcat
19) Started the apache/tomcat as:
/usr/local/apache_t3.1/bin/apache-tomcat startssl
and checked if http://pse.ccl.net/examples and
https://pse.ccl.net/examples worked. They did, so I killed the
server with:
/usr/local/apache_t3.1/bin/apache-tomcat stop
22) After tomcat/apache is installed, the default configuration of
mod_jserv.c and mod_rewrite_c is wrong, since mod_jserv follows
mod_rewrite (for details look up:
http://www.magiccookie.com/computers/apache-jserv/
To fix it I put mod_serv before mod_rewrite in
LoadModule jserv_module libexec/mod_jserv.so
LoadModule rewrite_module libexec/mod_rewrite.so
and
AddModule mod_jserv.c
AddModule mod_rewrite.c
and commented out the line
# LoadModule jserv_module libexec/mod_jserv.so
in /usr/local/apache_t3.1/sources/build/tomcat/conf/tomcat.conf
23) Adding other tomcat "web applications" beside "examples"
so they can also be access via Apache Web server.
/usr/local/apache_t3.1/sources/build/tomcat/webapps/ROOT
/usr/local/apache_t3.1/sources/build/tomcat/webapps/test
/usr/local/apache_t3.1/sources/build/tomcat/webapps/admin
Note, I also provide for the Basic Authentication in both
http and https. If you want to be picky, you need to disable
the Basic Authentication on the http port since it is profoundly unsafe.
To mount the original Tomcat directories I added following lines to:
/usr/local/apache_t3.1/sources/build/tomcat/conf/tomcat.conf
ApJServMount /docs /root
<Location /docs>
AuthType Basic
AuthName "For internal users only"
AuthUserFile /usr/local/apache/auth/avspass
AuthGroupFile /usr/local/apache/auth/avspeople
AuthType Basic
<Limit GET POST>
require group avs
</Limit>
</Location>
ApJServMount /test /root
<Location /test>
AuthType Basic
AuthName "For internal users only"
AuthUserFile /usr/local/apache/auth/avspass
AuthGroupFile /usr/local/apache/auth/avspeople
AuthType Basic
<Limit GET POST>
require group avs
</Limit>
</Location>
ApJServMount /admin /root
<Location /admin>
AuthType Basic
AuthName "For internal users only"
AuthUserFile /usr/local/apache/auth/avspass
AuthGroupFile /usr/local/apache/auth/avspeople
AuthType Basic
<Limit GET POST>
require group avs
</Limit>
</Location>
In /usr/local/apache_t3.1/sources/build/tomcat/conf/server.xml added:
<Context path="/docs" docBase="webapps/ROOT" debug="0" reloadable="true" >
</Context>
<Context path="/admin" docBase="webapps/admin" debug="0" reloadable="true" >
</Context>
(note, I left the entry:
<Context path="" docBase="webapps/ROOT" debug="0" reloadable="true" >
</Context>
unchanged, since it corresponds to a TOP directory of Tomcat).
Unfortunately, this messed up the links in the original tomcat examples
when viewed via Apache port (9080). It is because in Tomcat the URL
to top directory / corresponds to real directory:
/usr/local/apache_t3.1/sources/build/tomcat/webapps
while in Apache it corresponds to a real directory
/usr/local/apache_t3.1/htdocs
Moreover, the /docs in apache corresponds to / in tomcat.
I cleaned it up by adding following contexts
ApJServMount /docs/examples /root
ApJServMount /docs/test /root
ApJServMount /docs/admin /root
to /usr/local/apache_t3.1/sources/build/tomcat/conf/tomcat.conf
and adding them to
/usr/local/apache_t3.1/sources/build/tomcat/conf/server.xml
as:
<Context path="/docs/examples" docBase="webapps/examples" debug="0" reloadable="true" >
</Context>
<Context path="/docs/admin" docBase="webapps/admin" debug="0" reloadable="true" >
</Context>
<Context path="/docs/test" docBase="webapps/test" debug="0" reloadable="true" >
</Context>
24) To deal with docs/examples --> /examples problem I also tried to use
rewrite modules of apache. I have put the following lines into
/usr/local/apache_t3.1/sources/build/tomcat/conf/tomcat.conf
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^/docs/examples /examples [R]
RewriteRule ^/docs/test /test [R]
RewriteRule ^/docs/admin /admin [R]
RewriteRule ^/tomcat.gif /docs/tomcat.gif [R]
</IfModule>
Worked perfectly!!! Note, if you do not put mod_jserv before mod_rewrite
in module activation section of httpd.conf, the stuff will not work!!!
25) But this was about original Tomcat examples and stuff, which I did not
want to move, so I have something to relate to. For production you
need to put your web applications under the Web Document Tree of Apache,
i.e., the directory which is given on the line:
DocumentRoot "/some/directory/on/your/machine"
in the httpd.conf file for your server (or virtual server).
To do this, I created a skeleton of the web application called AVS
and mounted it as AVS under Apache DocumentRoot. My $APACHE_HOME
is /usr/local/apache_t3.1. I created directory ASV under it:
cd /usr/local/apache_t3.1/htdocs
mkdir AVS
cd AVS
mkdir WEB-INF
mkdir WEB-INF/classes
mkdir WEB-INF/classes/WorkshopRequest
mkdir WEB-INF/classes/oscViz
In the top directory of my web application, i.e.,
/usr/local/apache_t3.1/htdocs/AVS
I placed all the images, *.jsp, *.css, and *.html files. This was
a small web application, and I did not have to get elaborate
directory structure. In the WEB-INF/classes
I placed JavaBeans needed by the JSP pages.
I then added the following to the
/usr/local/apache_t3.1/sources/build/tomcat/conf/tomcat.conf file:
ApJServMount /AVS /root
<Location /AVS>
AuthType Basic
AuthName "For internal users only"
AuthUserFile /usr/local/apache/auth/avspass
AuthGroupFile /usr/local/apache/auth/avspeople
AuthType Basic
<Limit GET POST>
require group avs
</Limit>
</Location>
This tells Apache that the requests to directory:
/usr/local/apache_t3.1/htdocs/AVS
(i.e., URLs location http://pse.ccl.net:9080/AVS) should be
redirected to Tomcat for processing, and that Basic Authentication
needs be done for group defined in /usr/local/apache/auth/avspeople
whose id/password pairs are stored in /usr/local/apache/auth/avspass.
The Authentication Realm is "For internal users only".
I also needed to tell Tomcat that we have a new Web application.
I edited file:
/usr/local/apache_t3.1/sources/build/tomcat/conf/server.xml
and added there a piece like this:
<Context path="/AVS"
docBase=" /usr/local/apache_t3.1/htdocs/AVS" debug="0"
reloadable="true" >
</Context>
I also had to provide the web application init file.
My /usr/local/apache_t3.1/htdocs/AVS/WEB-INF/web.xml was very simple:
-------------- cut here -----------
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
<web-app>
</web-app>
-------------- cut here -----------
i.e., take defaults.
I restarted the Apache as:
/usr/local/apache_t3.1/bin/apache-tomcat stop
/usr/local/apache_t3.1/bin/apache-tomcat startssl
and I was extremely happy when I was clicking on the button
for the form:
http://pse.ccl.net:9080/AVS/workshop_request.html
and
https://pse.ccl.net:9443/AVS/workshop_request.html
Sorry that you will not see it, since it is password protected.
But if you read carefully, you can see this test page which does
nothing, by using another port, and you will not be asked for password.